package com.lcf.app.security.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author ChenFei
 * @date 2021/11/19
 */
@RestController
@RequestMapping("user")
public class UserController {

    @Secured({"ROLE_USER"})
    @GetMapping("")
    public String get() {
        return "user get";
    }

    //@PreAuthorize("hasRole('USER')")//判断角色可以不加ROLE_ , 实际上是按照ROLE_USER判断的
    @PreAuthorize("hasAnyAuthority('user','admin')")
    @GetMapping("list")
    public String list() {
        return "user list";
    }

    /**
     * @Secured() :只能作用于角色，并且ROLE_开头
     * eg:
     *    @Secured({ "ROLE_USER" })
     *    public void create(Contact contact);
     *
     *    @Secured({ "ROLE_USER", "ROLE_ADMIN" })
     *    public void update(Contact contact);
     *
     *    @Secured({ "ROLE_ADMIN" })
     *    public void delete(Contact contact);
     *
     * @PreAuthorize() 支持Spring-EL
     * eg:
     *      hasRole([role])
     *      hasAnyRole([role1,role2])
     *      hasAuthority([authority])
     *      hasAnyAuthority([authority1,authority2])
     *
     * @RolesAllowed()
     *
     *
     */

}
